1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/
*/
"use strict";
createHttpServer({ hosts: ["example.com"] });
AddonTestUtils.createAppInfo(
"xpcshell@tests.mozilla.org",
"XPCShell",
"1",
"1.9.2"
);
async function assertInstallTriggetRejected(page, xpi_url, expectedError) {
await Assert.rejects(
page.spawn([xpi_url], async url => {
this.content.eval(`InstallTrigger.install({extension: '${url}'});`);
}),
expectedError,
`InstallTrigger.install expected to throw on xpi url "${xpi_url}"`
);
}
add_task(
{
// Once InstallTrigger is removed, this test should be removed as well.
pref_set: [
["extensions.InstallTrigger.enabled", true],
["extensions.InstallTriggerImpl.enabled", true],
// Relax the user input requirements while running this test.
["xpinstall.userActivation.required", false],
],
},
async function test_InstallTriggerThrows_on_unsupported_xpi_schemes_blob() {
const page = await ExtensionTestUtils.loadContentPage("http://example.com");
const blob_url = await page.spawn([], () => {
return this.content.eval(`(function () {
const blob = new Blob(['fakexpicontent']);
return URL.createObjectURL(blob);
})()`);
});
await assertInstallTriggetRejected(page, blob_url, /Unsupported scheme/);
await page.close();
}
);
add_task(
{
// Once InstallTrigger is removed, this test should be removed as well.
pref_set: [
["extensions.InstallTrigger.enabled", true],
["extensions.InstallTriggerImpl.enabled", true],
// Relax the user input requirements while running this test.
["xpinstall.userActivation.required", false],
],
},
async function test_InstallTriggerThrows_on_unsupported_xpi_schemes_data() {
const page = await ExtensionTestUtils.loadContentPage("http://example.com");
const data_url = "data:;,fakexpicontent";
// This is actually rejected by the checkLoadURIWithPrincipal, which fails with
// NS_ERROR_DOM_BAD_URI triggered by CheckLoadURIWithPrincipal's call to
//
// DenyAccessIfURIHasFlags(aTargetURI, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT)
//
// and so it is not a site permission that the user can actually grant, unlike the error
// raised may suggest.
await assertInstallTriggetRejected(
page,
data_url,
/Insufficient permissions to install/
);
await page.close();
}
);
|
